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Abstract 

Recent research has revealed that the "always" and "eventually" 
operators from temporal logic correspond to the type constructors 
for behaviors and events from functional reactive programming 
(FRP). It is furthermore well-known that the "until" operators from 
LTL are generalizations of "always" and "eventually". In this paper, 
we show that behaviors and events can be generalized analogously. 
The result is a notion of process, which combines continuous and 
discrete aspects. We develop a common categorical semantics for 
an intuitionistic temporal logic with "until" and FRP with processes. 
This semantics reflects time-dependent trueness in temporal logic, 
time-dependent type inhabitance in FRR and causality of FRP 
operations. 

Categories and Subject Descriptors F.3.2 [Logics and Meanings 
of Programs]: Semantics of Programming Languages; D.l.l [Pro- 
gramming Techniques]: Applicative (Functional) Programming; 
F.4.1 [Mathematical Logic and Formal Languages]: Mathematical 
Logic — Temporal logic 

Keywords Functional Reactive Programming, Curry-Howard Cor- 
respondence, Category Theory, Categorical Semantics, Causality 

1. Introduction 

Functional reactive programming (FRP) is a declarative approach to 
programming reactive systems. Its key constructs are behaviors and 
events. A behavior is a time-varying value, and an event is a value at- 
tached to a time. There is a Curry-Howard correspondence between 
FRP and an intuitionistic logic that has temporal operators "always" 
and "eventually" and a linear notion of time |4~6|. Thereby the type 
constructors for behaviors and events correspond to "always" and 
"eventually", respectively. 

It is well-known that "always" and "eventually" can be defined 
using the more general "until" operators from linear-time temporal 
logic (LTL). This suggests that there are generalizations of behaviors 
and events that correspond to proofs of "until" propositions. We 
deal with this topic in |Section 2| where we make the following 
contributions: 



Permission to make digital or hard copies of all or part of this work for personal or 

classroom use is granted without fee provided that copies are not made or distributed 

for profit or commercial advantage and that copies bear this notice and the full citation 

on the first page. To copy otherwise, to republish, to post on servers or to redistribute 

to lists, requires prior specific permission and/or a fee. 

PLPV '13, January 22, 2013, Rome, Italy. 

Copyright © 2013 ACM 978-1-4503-1860-1/13/01. . .$15.00 



• We define an intuitionistic temporal logic with "until" operators 
by giving a syntax and a categorical semantics. Afterwards we 
construct an FRP dialect whose syntax and semantics correspond 
to the syntax and semantics for that temporal logic. We show 
that proofs of "until" propositions correspond to FRP values that 
combine continuous and discrete aspects and cover behaviors 
and events as special cases. We call these values processes. 

• We give several examples of how processes can be applied. 
These examples demonstrate that processes naturally represent 
constructs in real world applications, and that process types can 
be used to specify a variety of temporal protocols. 

While the categorical semantics from |Section 2| is appropriate 
to motivate processes, it does not exactly match real FRP. FRP 
programs are constructed using causal operations, so that they are 
able to produce output solely on the basis of already known input. 
The problem of the sema ntics from|Section 2| is that it also models 
noncausal operations. In |Section 3| we deal with this issue and 
thereby make the following contributions: 

• We define concrete process categories (CPCs), which can serve 
as categorical models of FRP with processes. CPCs focus 
on the time-dependent knowledge about values, not on the 
values themselves. This makes it possible to express causality 
of FRP operations. On the logic side of the Curry-Howard 
correspondence, CPCs lead to a new temporal logic, which we 
call emergence logic (EL). 

• We substantiate the claim that CPCs express causality by proving 
that certain noncausal operations related to events do not have 
meanings in arbitrary CPCs. 

We discuss related work i n|Section 4| and give conclusions and 
an outlook on further work in lSection 51 



2. From "Until" to Processes 

In this section, we show how "until" operators inspired by linear- 
time temporal logic (LTL) 1 1 1 give rise to an FRP construct that 
generalizes behaviors and events. We first develop an intuitionistic 
temporal logic with "until" operators, and investigate its program- 
ming language analog afterwards. 

2.1 Temporal Logic with "Until" Operators 

We consider a temporal logic that is intuitionistic and treats time as 
linear, but not necessarily discrete. 



If A denotes a set of atomic propositions, the syntax of our logic 
can be defined by the following BNF rule: 

F ■■■= A | T | _L | F A F | F V F | F -> F \ ->F \ F >" F \ F ►" F | 
F >' F | F F | F > F | F ► F | n'F | O'F | OF \ OF 

The operators that do not come from propositional logic are called 
temporal operators. They are further subdivided into strong "until" 
operators (>", >', and >), weak "until" operators (►", ►', and ►), "al- 
ways" operators (□' and □), and "eventually" operators (O' and 0)Q 
The unary operators bind stronger than the binary operators. Among 
the binary operators, the "until" operators have the highest prece- 
dence, followed by A, V, and — > in this order. We consider all binary 
operators to be right-associative. 

We now develop a categorical semantics for our logic. This 
semantics is strongly related to one that we used in an earlier work 1 7 
Section 2] for a different temporal logic. 

In our semantics, models are tuples (T, <, 3) where (T, <) is 
a totally ordered set, and 3 is a cartesian closed category with 
coproducts (CCCC). We use (T, ^) to represent the time scale and 
3 to model propositional logic in the well-known way |9|. Given 
a model (T, <, 3), we can regard T as a discrete category and form 
the functor category & . The objects of 3 T serve as meanings of 
temporal propositions. Since these objects are functions that map 
times to objects of 3, temporal propositions denote time-varying 
statements. A morphism / : A — * B of 3 T is a family {f} teT of 
morphisms with /, : A(t) — > B(t) for every re T; so if A and B 
model temporal propositions tp and if/, f models a proof showing 
that tp implies if/ at every time. 

The CCCC structure of 3 gives rise to a CCCC structure 
of 3 T , whose operations are pointwise applications of the respective 
operations of 3. The CCCC structure of 3 T models the propositional 
fragment of our temporal logic. So operators T, _L, A, V, — >, and -i 
work pointwise with respect to times; for example, a proposition 
q> A if/ holds at a certain time if <p and if/ individually hold at that 
time. 

A proposition <p>"i// holds if if/ will hold at some future time, and 
tp will hold until if/ holds. A proposition ip if/ holds additionally 
if tp will hold forever, in which case if/ is not required to hold at 
any future time. We model the logical operators >" and ►" by two 
functors >", ►" : 3 T x3 T — > 3 T that fulfill the following equations 
for all morphisms / and g and times fj^j 



(f>" 8 \= u n> 

r'e((,oo) \\t"e(t,t') 

(/►" s),=(f>" g\+ n £ 



X gr- 



in 

(2) 



r'e(r.oo) 



From these equations, we can easily derive how the functors >" 
and ►" work on objects. This corresponds to the informal description 
of the meanings of the logical operators >" and that we have 
given above. 

For the definitions of the functors >" and to work, all 
products and coproducts of families indexed by intervals (t, oo) and 
all products of families indexed by intervals (t, f) must exist in 3. 
The latter requirement is covered by the former, since for any sets 



1 Namjoshi and Trefler 1121 use > for the "constrains" modality, while the 
typical notation for strong "until" is 11. We nevertheless decided to use 
> for strong "until", since 11, being a letter, is not really suitable as an 
infix operator, and furthermore >, unlike most infix operators, has a filled 
variant which we can use to denote weak "until". 

2 The notation (t, oo) we use in these equations denotes the set {f 6 T \ t < f}. 
Note that such a set has a maximum if T has a maximum. 



M and N with M QN and any family {A x } xeM of objects, we have 
|~[A t a]~[A r (3) 



with A. 



defined as follows: 



A x if x 6 M 
1 otherwise 



(4) 



Since the axioms of a CCCC only guarantee the existence of finite 
products and coproducts, and the intervals (f, <x>) may be infinite, we 
have to tighten our requirements on the category S. This leads to 
the actual definition of our categorical models, which we call fan 
categories. 

Definition 1 (Fan category). A fan category is a tuple (T, <,,&) 
where (T, <) is a totally ordered set, and 3 is a CCCC that 
has all products and coproducts of families indexed by intervals 
(t, oo) c T, The actual category that (T, <, 3) denotes is the functor 
category 3 T . 

We call the functors >" and the basic temporal functors of 
the fan category (T, <, 3). In particular, we say that >" is the strong 
and is the weak basic temporal functor of this fan category. We 
record this in the following definition. 

Definition 2 (Basic temporal functors of a fan category). For any 
fan category (T,^,3), the functors >",*■" : 3 T x 3 T -» 3 T that 
are defined according to l[TJ and |2]( are called the strong and the 
weak basic temporal functor of(T, <, 3). 

Propositions <p>' if/ and ip ►' if/ are similar to <p >" if/ and <p *■" if/, 
but require tp to also hold at the present time. Propositions <p > i// and 
ip ► if/ additionally hold if if/ holds at the present time, in which case 
tp is not required to hold at any time. We do not treat >', >, and ► 
as fundamental, since we can define them in terms of >" and ►": 



ip l/r = (p a <p ifi (5) 
(p*-ifr = if/V<p>'ij/ (6) 



tp >' if/ = tp A ip >" if/ 
ipt>lfj = lf/\/tp>'ip 

A proposition u'tp holds if tp will always hold, and a proposition 
O'tp holds if tp will hold at some future time. A proposition ntp 
requires tp to also hold at the present time, and a proposition Op 
additionally holds if tp holds at the present time. We define □', O', 
□ , and O in terms of "until" operators: 

U'tp = tp _L O'tp = T >' tp (7) 

Dtp = tp >' X Op = T > tp (8) 

We can turn {5} through ([8J into definitions of functors >',►',>, 
□', O', □, and O that model the corresponding logical operators. 
All we have to do is replace propositions by morphisms and the 
logical operators T, _L, A, and V by the functors 1, 0, x, and +. 

Definition 3 (Derived temporal functors). If C is a CCCC equipped 
with functors >", : C X C — * C, the derived temporal functors 
>',►',>,►: C x C — > C and □', <>',□,<> : C — > C are defined as 
follows: 

f>'g = fxf>"g f>'8 = f*f>"g (9) 

f>8 = S + f>'g f*-g = g + f*-'g (10) 

□'/ = /►"(> 0'f=l>'f (ID 

□/ = /►' 0 0/=l>/ (12) 

Corollary 1. In every fan category, the following propositions hold: 

□7= H ft o'/= ]J ft (13) 



C £((,«>) 



o/« [J f< 



(14) 



2.2 FRP with Processes 

We now examine the FRP language that is connected to our tem- 
poral logic from |the previous subsection] via a Curry-Howard cor- 
respondence. Clearly, the type constructors of this FRP language 
correspond to the operators of our temporal logic. As usual, the 
analogs of the propositional logic operators are type constructors 
for forming finite products, finite sums, and function spaces. The 
analogs of temporal operators are temporal type constructors, which 
we denote by the same symbols as their logical counterparts. So if 
A denotes a set of atomic types that corresponds to the set of atomic 
temporalpropositions, the syntax of our FRP language is defined as 
follows^] 

T ::= A | 1 | 0 | T x T \ T + T \ T -> T \ T >" T \ T T \ 
T>'T\T>'T\T>T\T + T\ d'T | O'T \nT\QT 

We handle precedence and associativity analogously to our temporal 
logic. 

Because of the Curry-Howard correspondence between our 
FRP language and our temporal logic, we can take the categorical 
semantics from |the previous subsection] as a semantics for FRP 

Let (T, <, S) be a fan category. Since S is a CCCC, it models a 
system of ordinary types that comprises the type constructors for 
finite products, finite sums, and function spaces. The objects in the 
functor category S T are the meanings of FRP types. Since they are 
functions that map times to objects of S, FRP types can be regarded 
as functions from times to ordinary types. So it may depend on the 
time what values inhabit a certain FRP type. If objects A and B 
model FRP types t\ and t 2 , a morphism / : A — > B denotes an 
operation that turns any value that inhabits T\ at some time into a 
value that inhabits r 2 at the same time. 

Finite products, finite sums, and functions spaces in FRP are 
modeled by the CCCC structure of & . So they are pointwise 
applications of the respective constructions on ordinary types. 

We can see from \13) how the type constructors □' and O' work. 
A value b that inhabits a type d't at a time t corresponds to a 
function that maps each time f e (f, 00) to a value that inhabits t 
at f . So it denotes a time- varying value that persists forever once 
it has come into existence. Such a value b is called a behavior. A 
value e that inhabits a type O'r at a time t corresponds to a pair of a 
time f e (t, <x>) and a value x that inhabits r at f . So e denotes an 
event that occurs at f and is further characterized by x. 

Types d't contain behaviors that start immediately after the 
present time, and types O'r contain events that fire in the future. We 
can see from < | 1 4[ > that the type constructors □ and O are variants 
of □' and O' that also refer to the present. A behavior of a type Pt 
starts at the present time, and an event of a type Or may also fire at 
the present time. 

Equation {T} shows that each value p that inhabits a type T\ >" r 2 
at a time / corresponds to a tuple with the following elements: 

• a time f e (f, 00) 

• a function h that maps each time t" e (t, f) to a value that 
inhabits T\ at t" 

• a value z that inhabits t 2 at f 

The function h denotes a time-varying value that does not persist 
forever, but vanishs immediately before ?'. We call this time- varying 
value the continuous part of p. The pair (t',z) denotes an event 
that immediately follows the continuous part. We call this event 
the terminal event of p. The value p itself is called a process in 
our terminology. We say that p emits the values h(t") and z at the 
times t" and at the time f, respectively. 



We do not include a type constructor that corresponds to -i, since such a 
type constructor is uncommon, and -up is just syntactic sugar for ip — » X. 



According to Q, a value of a type T\ ►" r 2 covers all values 
of type T\ >" r 2 and furthermore all behaviors over Ti. We regard 
the latter as special processes that never terminate and thus have an 
infinite continuous part and no terminal event. 

The definitions of the logical operators >', >, and ► in 
^ and {6} give rise to the following definitions of the corresponding 
FRP type constructors: 

T\ >' T 2 = T] X T\ >" T 2 T[ *■' T2 = T\ X T\ ►" T2 (15) 

T[ > T 2 = T 2 + T\ >' Ti T\ *■ T 2 = Tl + T\ T 2 (16) 

Types T\ >' t 2 and t 2 r 2 contain processes whose continuous parts 
start at the present time instead of immediately after it. Types t\ > r 2 
and t, ► t 2 additionally contain processes that already stop at the 
present time, and whose continuous parts are therefore empty. 

Temporal logic with "until" operators is more expressive than 
temporal logic with only □', O', □, and O. Likewise the introduction 
of processes expands the expressiveness of FRP. It turns out that the 
additional expressiveness can be used in practice to specify various 
temporal properties using types. Following we give examples of 
such uses: 

Finite time-varying values. Behaviors can only represent time- 
varying values that last forever. In practice, however, we often 
face situations where a time-varying value ceases to exist after 
a finite period of time. For example when a media player 
application plays back a song, it produces an audio signal of 
finite length, because the song is finite. We can represent finite 
time-varying values by inhabitants of types t > 1 . In the case of 
the audio signal, we can use the type (R x R) > 1, assuming that 
playback is in stereo. To represent time-varying values with no 
termination guarantee, we can take types t ► 1 instead of t > 1 . 

Termination-related information. Sometimes we want to de- 
scribe information that arises when a time- varying value ends. 
For example, playback in a media player can terminate be- 
cause the song has ended or because the user canceled the 
playback. We may want to state the reason for termination along 
with the audio signal itself. We can do this via a value of type 
(R X R) > (1 + 1). 

Time-varying values whose type changes over time. There are 
situations where the type of a time-varying value changes at 
discrete points in time. For example, a media player might allow 
for switching between stereo and mono playback, which means 
that the audio signals it produces consist of intervals with values 
of type R x R and intervals with values of type R. If we add least 
and greatest fixpoints to our FRP type system, we can represent 
such audio signals by FRP values. Several variants are possible, 
specifying different properties of signals: 

• The type 

va . (R x R) ►' R ►' a 
contains all stereo-mono signals that do not terminate. 

• The type 

va . (R x R) >' R >' a 

additionally guarantees that a switch from stereo to mono or 
back will always occur after a finite amount of time. 

• The type 

va . 1 + (RXR)*' (1 + a) 

contains all stereo-mono signals, terminating and nontermi- 
nating. 

• The type 

va . 1 + (R x R) >' (1 + R>' a) 



is like the previous one, except that it provides an additional 
switch guarantee. 

• Finally the type 

fia . 1 + (R x R) >' (1 + R >' or) 
contains just the terminating stereo-mono signals. 

Weak events. Values of types O't represent events that will defi- 
nitely occur. In practice, however, we usually do not have an 
occurrence guarantee. For example, we cannot describe the next 
key press on the keyboard by a value of type O'Key, because the 
user might not press a key anymore. However we can use types 
1 r to get rid of the occurrence requirement. For instance, 
we can represent the potential next key press by a value of type 
1 Key. 

This list of examples gives only a first idea of what is possible 
with an FRP language that includes strong and weak process types. 
Temporal protocols more complex than the above ones can be 
specified with our FRP type system, in particular, by combining 
processes and fixpoints with sums to allow for alternatives. 

3. Concrete Process Categories 

Fan categories capture the notions of time-dependent trueness of 
propositions in temporal logic and time-dependent type inhabitance 
in FRP. However they do not express causality of FRP operations. 
In this section, we develop a novel categorical semantics for FRP 
with processes that overcomes this problem. This semantics gives 
rise to an intuitionistic temporal logic that comprises a notion of 
time-dependent knowledge. 

3.1 Causality 

FRP values may contain information about the present and the future. 
However information about a certain time is not available before 
that time. So when an FRP program produces a value, we generally 
do not know this value completely, but only its present-related 
information. Its future-related information becomes increasingly 
available as time progresses. 

Let us illustrate this with an example. We consider a program 
component P that gives the user some time to press a key on the 
keyboard. P yields an event e of type 0'(Key + 1). If the user presses 
a key k before P times out, e fires at the time of the key press and 
carries L\(Jc) as its value. Otherwise, e fires at the timeout and carries 
£2 (tt) as its value. 

P yields e when it starts to wait for a key press. However all the 
information that e provides refers to the time when e occurs. Until 
this time, we cannot obtain any information about e. This is sensible, 
because neither the occurrence time of e, nor the value it carries 
can be known before e fires. We cannot know whether the user will 
press a key before the timeout if neither a key has been pressed yet, 
nor the timeout has occurred so far. Furthermore we cannot know 
before a key press what key will be pressed at what time. 

Let us now look at the type O'Key + O'l. A value of this type is 
characterized by a value i E {1,2}, which denotes an alternative, and 
a value of type O'Key or O' 1, depending on i. The information given 
by i is not tied to any future time, so it is available immediately. 
If there was a polymorphic operation d that turned values of types 
0'(ri + ri) into values of types O'ti + O'ti, we could use d to know 
in the present what the alternative of a future sum type value is. In 
particular, we could apply d to the output of P to get a value of type 
O'Key + O'l that tells us immediately whether the user will press a 
key early enough. An operation that enables us to transfer certain 
future knowledge to the present is a noncausal operation. Since 
looking into the future is not possible for FRP programs, noncausal 
operations like d cannot exist in FRP. 



The absence of the operation d from FRP means that 0'(<pVif/) — » 
O'v V O'tf/ cannot be a theorem in the logic that corresponds to 
FRP. This is unlike classical temporal logic, where 0'(ip V if/) and 
0'ip V O'iA are equivalent. 

The situation is analogous for miliary disjunction, which is _L. In 
classical temporal logic, the propositions O'-L and _L are equivalent, 
but O'-L — > J. cannot be a theorem in the logical counterpart of FRP. 
An FRP operation a from O'O to 0 would have to produce a value of 
type 0 immediately under the assumption that it will receive a value 
of type 0 in the future. Since there actually is no value of type 0, 
a could only generate its result by using the hypothetical value of 
type 0 it will receive later. However only a noncausal operation 
could do this. 

Unfortunately fan categories do not only model causal, but also 
noncausal operations. In particular, they cover a natural isomorphism 
0'(A + B) = O'A + O'B and an isomorphism O'O = 0. So the 
semantics from |Section 2| is actually not a proper semantics for FRP. 
Therefore we develop a class of FRP models that take causality into 
account. We call these models concrete process categories (CPCs). 

3.2 Objects and Morphisms 

The key problem of the semantics from |Section 2| is that it considers 
FRP values to be always known completely. Remember that an FRP 
type r is modeled by a function A : T — » Ob(£>) where for each /, 
the object A(t) denotes the type of all values that inhabit r at t. So 
the semantics deals only with the inhabitants themselves, not with 
the knowledge about them, which is often only partial. 

To get rid of this problem, we modify the semantics such that 
an object A that models an FRP type r assigns objects of S to pairs 
(t, t 0 ) of times with t < t 0 . Thereby each object A(t, t a ) deals with the 
FRP values that inhabit t at t. It describes the type whose inhabitants 
give the information we have about these FRP values at /„. We call 
t a the observation time. 

We now extend the semantics such that every object A addition- 
ally maps each triple (t, t a , t' 0 ) with / < t a < t' a to a morphism 

A{t,t a ,t' 0 ) : A{t,Q -> A(t,t 0 ) 

that denotes a function that discards the information gathered after t 0 . 
Certain restrictions apply to the choice of morphisms A (t, t 0 , t' 0 ): 

• If the source and the target observation time are the same, no 
information is actually discarded. So for all objects A and all 
times t and t a with t < t 0 , the following equation must hold: 

A(t,t a ,t 0 ) = id MtJo) (17) 

• Two consecutive steps of information disposal lead to the same 
result as one corresponding single step. So for all objects A and 
all times t, t 0 , t' 0 , and t" with t < t 0 < t 0 < f 0 ', the following 
equation must hold: 

A(t,t 0 ,O = A(t,t 0 ,f o )A(t,t o ,O (18) 

If A and B are objects that model FRP types 7] and t 2 , we want 
the morphisms from A to B to model the causal transformations 
from Ti to t 2 . An operation is causal if the information about its 
output is uniquely determined by the information about its input for 
any observation time. Therefore we define a morphism / : A — » B 
to be a family of morphisms 

/<«„) : A(t, t a ) -» Bit, t 0 ) 

with t < t 0 where each morphism / ( , , o) models a function that trans- 
forms the respective input information into the corresponding output 
information. If two such functions refer to the same inhabitation 
time, but to different observation times, they must agree in how they 
generate common output information. This means that for all t, t 0 , 



and t' a with t < t a < f Q , the following diagram must commute: 
A(Mo,0 



A(f, t B ) 

/(<,« 
B(t,t 0 ) 



B(t,t 0 ,f 0 ) 



B(t,t' a ) 



(19) 



We can succinctly summarize the above development by saying 
that the category whose objects model FRP types and whose 
morphisms model causal operations is the functor category S 1 
where I is the temporal index category of (T, sS) as defined by 
|the following definition| 

Definition 4 (Temporal index category). The temporal index cate- 
gory of a totally ordered set (T, <) is the category I with 



Ob(J) = {(f,*o)erxr|f«a 



and 



homj((Y, Q , (t, f 0 )) : 



{(t,t 0 ,t' 0 )} ift = t' andt 0 Kt' 0 
0 otherwise 



Corollary 2. Let (T, <) be a totally ordered set and T be its 

category. Then the temporal index category of(T, <) is isomorphic to 
the coproduct of the slice categories ofT° v , that is, \J KT (T° P I t). 

3.3 Products and Coproducts 

The cartesian and the cocartesian structure of S give rise to a 
cartesian and a cocartesian structure of S 1 , where products and 
coproducts are formed pointwise. We use these structures of & 
to model finite products and finite sums. This is analogous to fan 
categories, where we use the cartesian and the cocartesian structure 
of the functor category & for the same purpose. 

The cocartesian structure of & is particularly interesting. Let us 
have a look at its implications on FRP: 

• The coproduct of two objects of & is given by the following 
equation: 

(A + B)(t, t 0 ) = A(t, t a ) + B(t, t a ) (20) 

So if a is an FRP value that inhabits a type T\ + t 2 at a time t, 
we know the alternative that a belongs to at every time t 0 > t, 
including t itself. 

• The coproduct of zero objects of & is given by the following 
equation: 

0(U o ) = 0 (21) 

So if we had an FRP value that inhabits 0 at a time t, we could 
derive a contradiction at every time t 0 > /, including / itself. 

3.4 Exponentials 

For modeling function spaces, we need S 1 to have exponentials. 
However since the category I is typically not discrete, exponentials 
in S 1 cannot be constructed pointwise in general and are not even 
guaranteed to exist. 

If S = Set, then S 1 is essentially a presheaf category. As a result, 
all exponentials exist, and they can be defined via the following 
equation: 

B A (t, t a ) = Hom S j (Honij((/, t a ), -) x A, B) (22) 

This equation can be generalized as follows to cover cases other 
than S = Set: 



B A (t,t a ). 



f 

J(f'X 



n 



( ( *«S) er Hom J ((M 0 ),(<*4)) 



(23) 



If f = t and f* < t 0 , then Homj((i, f„), (t*, f*)) is a terminal object 
in Set, otherwise it is the initial object 0. This leads to a simplified 
version of d23b : 



B^it, to) ■ 



f B(t,Q«'-V 

Jf o e[t,t 0 ] 



(24) 



Exponentials in S 1 exist if and only if the ends in {24) exist. 

Let us see what the above definition of exponentials means 
for FRP. Say / inhabits a function type at a time t. The infor- 
mation about / at a time t 0 is characterized by a family of func- 
tions {/^} ( » j j where for each observation time f*, f t * transforms 

information about arguments into information about results, and all 
f t * agree in how they generate common output information. Mor- 
phisms B A (t, t a , t' a ) denote FRP operations that discard information 
by dropping all functions ff with f* > t a . 

3.5 Weak Basic Temporal Functor 

We model the process type constructor by a functor ►", like in 
the semantics from |Section 2[ 

Let us see what information we have about a process p at an 
observation time t a . In any case, we know whether p has already 
terminated or not. Our further knowledge about p depends on its 
termination status: 

• If p has terminated, we know the time when it terminated. All 
values of its continuous part and the value of its terminal event 
have been emitted already. However these values may refer to 
the future; for example, they may be processes themselves. So 
we might not know them completely. Our information about 
them is limited by the observation time t a . 

• If p has not terminated (and will possibly never terminate at 
all), we do not have any information about a terminal event. 
Furthermore we do not know anything about the values of the 
continuous part of p that will be emitted after t 0 . We only 
have information about the values of the continuous part up 
to and including t 0 , and this information is itself limited by the 
observation time t„. 

To aid the definition of ►", we introduce constructs that deal with 
a more refined notion of information about processes. Let T\ and t 2 
be FRP types, and t, f„, and f* be times with t < t 0 < t\. For every p 
that inhabits T\ ►" t 2 at t, p t t i shall denote the information we have 

about p at fj with the exception that all information about values 
emitted by p shall use fj as the observation time. We introduce 
a family {^ AB ,,t,t} of objects of S where A, B e Ob(S J ) and 



A,B,t,t' 0 ,tl 



t < tj < tl. If A and B model FRP types tj and r 2 , then K 
models the type of all p j * where p inhabits Ti ►" t 2 at t. The 
definition of K A g ( f t f * is as follows: 



K 



A,s,fj 0 ,r; 



li n A ( f, '0 x 4'< o 
n a m 



(25) 



Applications of objects A B to objects of I can be easily 
defined using the family \K 



A.B.I J 0 .til' 

(A»>" B)(t,to) = K AAtMo (26) 

Now let us discuss information disposal for processes. Say A 
and B are objects that model FRP types T\ and t 2 , and t, t 0 , and f 0 
are times with t < t a < t' a . The morphism (A B) (r, t a , f a ) models 
an FRP operation that transforms pfj into p to , o for every p that 



inhabits Ti ►" t 2 at t. This FRP operation can be defined as the 
composition of two suboperations, one that turns values p,> o ,< into 
values p to ,i' o , and another one that turns values p to ,f into values p, oA) . 
We introduce two morphisms that model these two suboperations: 

• The morphism cr AButa y a models the first step of information 
disposal. It is defined as follows: 



n ~A,B,t,t a ,t' 0 

a- a 



A,B,!Jo/ 0 



(27) 



This definition uses helper morphisms £a.b.i,i'Jo.i' 0 that are defined 
in the following way: 



f>AJl,t,t',taf 0 
%A,B,t,1' ,t 0 ,t' a 



K f"e((,t') 

i2<7r f "),« < = ( ,,, o ]7r I 



(28) 



if f < t a 
otherwise 



The morphism p A .Bj,t a ,t' u models the second of the abovemen- 
tioned suboperations. Its definition is as follows: 



PA,B,t,to,f 0 '■ KA,B,t,t 0 ,t' u — * K A fi,t,t a ,t 0 

n 

pamma = ]j n A ( /,, ' / °' f o) 

f'e(r,f„] VV f"6(f,f) 



xB(t',t 0 ,Q 



(29) 



The definition of (A *■" B) (t, r 0 , t' 0 ) is now simple: 

(A ► " B) (t, t 0 , O = (p A , B j,, 0 / 0 ) (o-A,B,Vo/ 0 ) 



(30) 



To complete the definition of the functor ►", we have to specify 
how acts on morphisms of S 1 . If morphisms / and g model FRP 
operations u and v, the morphism / g models the FRP operation 
that applies ;/ to the values of the continuous part and v to the value 
of the terminal event of the respective process. This leads to the 
following definition: 



f'eC.fol 



3.6 Concrete Process Categories So Far 

Before we discuss how to model the type constructor >", let us 
compile what we have developed so far. 

We have devised categorical models that are tuples (T, 
where (T, <) is a totally ordered set, and S is a CCCC. There are 
two things that constrain the choice of the category B: 

• We must be able to define the functor ►". Therefore products 
of families indexed by intervals (t,f) as well as products and 
coproducts of families indexed by intervals (t, t'] must exist. 
Existence of products and coproducts for intervals (f, f] implies 
existence of products and coproducts for intervals (t, f')nThe 
converse is also true, since we have 



("£((/] 

4 We discussed the product case in 
analogous. 



V i"e(t,t') 



x A,' 



Subsection 2.1 



The coproduct case is 



and likewise for coproducts. So it is okay to require the exis- 
tence of products and coproducts of families indexed by inter- 
vals (f, 

• The functor category S 1 must have exponentials. So the ends 
in \24\ must exist. 

Given these considerations, we arrive at the definition of CPCs. 

Definition 5 (Concrete process category). Let (T, <) be a totally 
ordered set, I be its temporal index category, and 3 be a CCCC 
that has all products and coproducts of families indexed by intervals 
(t,f) Q T and all ends of the form J„ e[;f/] B(t, f") A ('-'") where 

A,B e S 1 . Then the tuple (T, <, S) is a concrete process category 
( CPC). The actual category that (T, <, £>) denotes is the functor 
category S 1 . 

We now give the definition of the functor ►", which we call weak 
basic temporal functor, like we did in the case of a fan category. 

Definition 6 (Weak basic temporal functor of a CPC). For any CPC 

(T, <, S), the functor : S 1 X S J — > S 1 that is defined according 
to \26\ , \i0\ , and \3l\ is called the weak basic temporal functor of 
(T, <,S). 

The only remaining bit of our categorical semantics is a functor 
that models the type constructor >". Functors that model the 
remaining temporal type constructors can be derived according 
to |Definition 3| like for fan categories. 

3.7 Strong Basic Temporal Functor 

Processes of a type Tj >" t 2 are guaranteed to terminate. However it 
is not immediately clear whether such a constraint can be encoded 
using CPCs, and how it can be encoded if this is possible. The reason 
is that CPCs only deal with information we have at different times. 
This does not play well with global properties like the existence of 
termination times that can be arbitrarily far in the future. That said, it 
is possible to define a functor that models process type constructors 
that place an upper bound on the termination time. We try to define 
a meaning of the type constructor >" based on this functor. 
Let T be the category of (T, <). We introduce the functor 

>Z : T -> (S J ) 
such that for every f b , the functor 

>'/ b : S 1 x S 1 S 1 

models a process type constructor that enforces a maximum t\, 
on termination times. So if A and B model FRP types r t and t 2 , the 
object A >" b B models the type T[ >'! r 2 of all processes that are 
inhabitants of T\ >" t 2 and terminate at t\, or before. This leads to 
the following definition: 



(A>'; b B)(t,t 0 ) 



ift b <t 



i_U(,,, b ] ((n,« e <,,,<)A(Oo)) x B(r,t 0 j) if t < t h < t 0 

I (A B)(t, t 0 ) if t a < t b 



(32) 



We leave the definition of morphisms (a >'/ b fl) (t, t a , t' 0 ) as an ex- 
ercise to the reader. We also do not show explicitly how to define 
applications of >'/ b to morphisms of & , since the respective equation 
can be easily derived from {32} by doing some simple replacements. 

So far, we have dealt with applications of >" to objects ? b of T . 
We still have to discuss applications of >" to morphisms of T . Let 
t b and t' b be times with t b < t' b , and let A and B model FRP types T] 

5 Note that with a discrete time scale, this requirement is automatically 
fulfilled, since all intervals (t, f) are finite in this case. 



and Ti . We define A >',' , , B such that it models the type conversion 
from T\ >'/ r 2 to T\ >',' r 2 



0 



id 



if t b < t 

if t < t b < f b < t 0 
if f < % < f 0 < f b 

if f 0 < f b < t' b 



(33) 



Definition 7 (Bounding temporal functor of a CPC). For any CPC 

(T, <,S), the functor >" as defined above is called the bounding 
temporal functor of (T, <, £>)• 

For any FRP types Ti and t 2 and any time t, the inhabitants of 
T\ >" T2 at f are the values that inhabit any type T\ >'/ t 2 at t. So >" 
is the union of all , which means that it is the least upper bound of 
them. As a result, a functor >" must be a colimit of the functor >". 

Definition 8 (Strong basic temporal functor of a CPC). Lef (J 1 , <, S) 
be a CPC and >" foe to bounding temporal functor. If ">" fes a 
colimit >", this colimit is called the strong basic temporal functor 
of(T,<,&). 

Let us see if a strong basic temporal functor is guaranteed to exist 
and in case it is, whether it really models the type constructor >". 
The situation is good if the time scale has a maximum f max . In 
this case, the type constructor >" is equivalent to >" , and the 
categorical semantics is in line with this. 

Theorem 3. Let (T,^,S) be a CPC where (T,<,) has a maxi- 
mum / max . Then >" is a colimit of >" with injections given by 



Proof. The claim is true because r max is a terminal object of T with 

□ 



Unfortunatly the situation is not so good if time will always 
progress. In this case, CPCs are not able to express the termination 
requirement at all. 

Theorem 4. Let (T, <, S) be a CPC where for every t e T, there is a 
f > t. Then is a colimit of >" with injections u given by the 
following equation: 



(A.B),(t,t 0 ) 



ift b < t 

ift ^t b ^t 0 
if to < t b 



(34) 



Proof. We show that for all objects A and B of S 1 and all times / 
and t 0 with t < t 0 , (A B)(f, f 0 ) is a colimit of (A >" fi)(r, t a ) where 
the injection for a f b is ('r b ) (A ( • From this follows the claim of 
the theorem. 

Let us fix some concrete A, B, t, and t 0 . There exists a time £ 
with t* b > t a . We define a preorder < on T such that t b ^ ti if and 
only if 

(f b < Q V (f b > t' b > f*) . 

Let T be the category of (T, <), and let the functor Q : T — > S be 
defined by the following equations: 

ef b = (A>;^s)(f,f 0 ) (35) 

f|A>" , x s) if«b<< 
g(fb,f b )= V ( fb '0 /<,,,„) b (36) 

(id if t b > t' b > t' b 

6 We use ? to denote the unique moronisms from 0 to the different objects 
ofS. 



Since t b is a terminal object of T with !, b = [t b , t£\, the object 

Qtl=(A>'^Byt,t 0 ) = (A>" B)(t,t 0 ) 

is a colimit of Q with injections <2(?b,fb) = { L 'b) (A s^,, f ^ ne 
cocones over Q are exactly the cocones over (Ao"6)(f, t a ). Therefore 
(A ►" B)(t, t 0 ) is also a colimit of (A >" S)(f, f Q ) with injections 

( t,b )(A,B).(r,r 0 )' D 

Let us see what the reason for the mismatch between FRP 
and its categorical models in the case of an always progressing 
time is. We motivated our definition of >" with the observation 
that the type constructor >" is the least upper bound of the type 
tells us that the type constructor is 



Theorem 4 



constructors 

the least upper bound ot tne type constructors >J^ if we only consider 
type constructors that can be modeled in CPCs. So the bottom line 
of |Theorem 4| is that CPCs are unable to express the termination 
requirement of >". This is an unfortunate weakness of CPCs. In the 
future, we want to develop a more general categorical semantics that 
allows us to model >" precisely without requiring the time scale to 
have a maximum. 

3.8 Causality Again 

We developed CPCs, because we wanted a categorical semantics 
that expresses causality of FRP operations. In particular, we wanted 
a semantics that does not model polymorphic operations from 
<>'(t 1 + t 2 ) to O'ti + 0't 2 and operations from O'O to 0, since 
such operations cannot be causal. In the following, we show that 
meanings of such operations do not exist in CPCs in general. 

Theorem 5. There are CPCs where no natural transformation t 



with t. 



(A.Bt 



0'(A + B) -» O'A + O'B exists. 



Proof. Let (T, =S, S) be a CPC with the following properties: 

• T contains exactly two times t\ and t 2 with t\ <t 2 . 

* The object 1 + 1 in S is not a terminal object. 

Let furthermore I be the temporal index category of (T, <). We 
assume that there is a natural transformation r : R — > S , where 
R (f>8) = <>'(/ + S) and S(f,g) = O'f + O'g. From t, we can 
construct the natural transformation 

t(A x A) : R(A x A) -> S(A x A) , 

where A denotes the diagonal functor from S to & . The func- 

i r \ SxS 

tors R(A x A) and 5 (A x A) are objects of the category I2r 1 
There is a canonical isomorphism between this category and the 

category (& SxS ^ . Applying this isomorphism to r(A x A) yields a 
natural transformation cr with 

(°" (tJo))(X.Y) = ( T (AXAy))(, j(o ) 

for all objects X and Y of S and all times t and t 0 with t < t a . 
Naturality of a implies that the following diagram commutes: 

R(AX,AY)(tuh,t 2 ) 
R(AX, AY)(t, , ti ) < R(AX, AY)(t, , t 2 ) 



(X.Y) 



(°"«1,<2)) 



s(Ax,Ar)(t u h) 



S(AX,AY)(t u h,h) 
According to {11) , |9|, and |Theorem 3[ we have 
<>' = 1 >' - = 1 X 1 >" - = 1 >" 



(X.Y) 

S(AX,AY)(t u h) 



(37) 



Using this fact as well as |Definition 7 we can turn the above 
diagram into a simpler one, replacing objects by other objects that 
are isomorphic to them and adapting morphisms accordingly: 



1 + 1 



X+Y 
X+Y 



(38) 



Here p,, and p, 2 are natural transformations that work like ov, ,,) 
and <x ((| up to isomorphism. Since all natural transformations 
from the coproduct functor to itself are of the form a + f3 with 
q-,/3 : Id — » Id, we know that 

(W 0W )(!x + r) = (!x + w((ft l ) (JW ) = !x + ! r 
for all XJe Ob(S). For X = F = 1, this means that 

(( p ")(i = ! i + ! i = id i +id i = id i+i ■ 

On the other hand, we have 

MWu)) =!i=idi • 

So 1 + 1 = 1, which contradicts our requirement that 1 + 1 is not a 
terminal object. □ 



There is a proof of |Theorem 5| that works with any time domain 
that contains at least two elements and has a maximum, not just with 
time domains that contain exactly two elements. However this proof 
is more complicated, so we did not present it here. 

Theorem 6. There are CPCs where no morphism from O'O to 0 
exists. 

Proof. Let (T, <, S) be a CPC with the following properties: 

• T contains at least two times t\ and t^ with t\ < t%. 

• The object 0 in S is not a terminal object. 

We assume that there is a morphism from O'O to 0. Since O'O = 
1 >" 0, there is also a morphism / : 1 >" 0 — > 0. Let t, 2 : >J' — > >" 

be the colimit injection for t%, and let g be / (( l f 2 ) (] Q \ Then we have 
g : 1 >" 0 -> 0 and thus 

g ih ,, 0 :(i>;;o)(/ 1 ,f,)^o . 

However (l >" 2 0) (fi.fi) is isomorphic to 1, so £(,,.,,> is a morphism 
from a terminal object to the initial object 0. As a result, 0 is also a 
terminal object, which contradicts our premises. □ 

3.9 Emergence Logic 

As we have seen, fan categories are not proper models of FRP, since 
they do not express causality. As a result, the logic described in 
|Subsection 2.1| which uses fan categories as its models, is not a 
precise Curry-Howard correspondent of FRP. However by using 
CPCs instead of fan categories, we get a temporal logic that matches 
FRP exactly. We call this logic emergence logic (EL), since the 
notion of knowledge emerging over time is inherent in it. 

Although many ideas behind EL come from LTL, EL and LTL 
differ in several ways. For a detailed comparison of both logics see 
|Appendix A| 



4. Related Work 

Frob is a Haskell library for programming robots with FRP. It 
contains support for what the authors call processes 1 15 1 or tasks |2 
1 131 1 141 . Processes and tasks in the Frob sense are similar to our 
processes, but differ in two important ways: 

• Frob processes can cover effects like exception handling and 
interrupt monitoring, while our processes are pure values. 

• Even Frob processes without effects generally carry more in- 
formation than our processes. This is because the fundamental 
constructs in Frob are not processes, but behaviors and event 
streams. A Frob process p without effects can only be con- 
structed as a pair of a behavior b and an event stream s. If s is 
empty, then p does not terminate, and b is the continuous part 
of p. Otherwise the first event in s is the terminal event of p, 
and the prefix of b that ends just before the terminal event is 
the continuous part of p. So the suffix of b that starts when the 
process terminates and all events in s that follow the terminal 
event are superfluous. 

We think that our notion of process that comes out naturally as an 
analog of an "until" proof is preferable, since it avoids the problem 
of superfluous information and can serve as the fundamental FRP 
concept from which the classical notions of behavior and event can 
be derived concisely. 

Krishnaswami and Benton |8 | use the category of complete 1- 
bounded ultrametric spaces and nonexpansive maps as a model 
of FRP. The FRP dialect they consider has a discrete notion of 
time and uses streams as its fundamental temporal construct. The 
authors prove that nonexpansiveness corresponds to causality, so 
that morphisms in their semantics only model causal operations. 
Streams are essentially behaviors in the case of discrete time. So it 
might be possible to generalize the approach of Krishnaswami and 
Benton to handle an FRP dialect that works with arbitrary linear 
time scales and uses behaviors as its only temporal core construct. 
However we cannot see at the moment, how we could extend this 
approach such that it covers FRP with processes. 

Jeffrey |4| presents an implementation of FRP in the dependently 
typed programming language Agda. His approach to FRP is in 
the tradition of Yampa (3 1 in that it uses signal functions as the 
core construct of FRP. A signal is a time-varying value that spans 
the whole time scale, and a signal function is a function that 
turns one source signal into one target signal. Jeffrey defines a 
category RSet, which is similar to our fan categories. However 
he interprets morphisms in RSet as signal functions that work 
pointwise. Jeffrey furthermore extends the RSet category using the 
"constrains" modality introduced by McMillan 1 1 1 1. The morphisms 
of the resulting category model causal signal functions. 

Our own work on the foundations of FRP covers the develop- 
ment of axiomatically defined categorical models of FRP without 
processes, called temporal categories |7|. Temporal categories are 
a specialization of categorical models of intuitionistic S4. Fan cat- 
egories are special cases of temporal categories. We strongly con- 
jecture that also CPCs are temporal categories, but have not proved 
this yet. 

There is an interesting connection between CPCs and a logic 
developed by Maier 1 101 . which is based on LTL. The time scale of 
LTL is the totally ordered set of natural numbers. A typical semantics 
of LTL is based on w-words over the alphabet 'P(AP) where AP is 
the set of atomic propositions. Each ai-word a denotes the situation 
where each atomic formula p is true at a time / if and only if p 6 a t . 
The meaning of a proposition <p is the set of all w-words that denote 
situations where ip holds at time 0. 

Maier's logic differs from LTL in that its semantics also allow 
finite words. As a result, the law of excluded middle does not 



hold anymoreQSo Maier calls his logic intuitionistic LTL (ILTL). 
Maier also gives a new characterization of safety and liveness and 
proves that each ILTL proposition is equivalent to a conjunction of 
a safety and a liveness part. It turns out that for every proposition tp, 
the safety part of <p is characterized by the finite words in fttpj, 
while the liveness part of tp is characterized by the infinite words 
in [[</?]]. So if we change Maier's semantics to only allow finite 
words, we obtain a logic that can only express safety properties and 
therefore corresponds to the subset of ILTL that contains all ILTL 
operators except >. This is analogous to CPCs, which consider only 
knowledge about finite time intervals and cannot express > in the 
case of an unlimited time scale. 

5. Conclusions and Further Work 

We have shown that proofs of "until" propositions in temporal 
logic correspond to values in FRP that combine continuous and 
discrete aspects. We have called these values processes and shown 
their usefulness. Furthermore we have introduced concrete process 
categories (CPCs). CPCs can serve as models of FRP with processes 
and its corresponding temporal logic. In particular, causality of FRP 
operations is captured by CPCs. We have shown that CPCs cannot 
express termination guarantees for processes if a time scale with no 
maximum time is used. 

In the future, we want to develop an axiomatically defined 
categorical FRP semantics that covers both CPCs and temporal 
categories |7 | as special cases. Furthermore we want to extend this 
semantics such that it covers additional computational concepts 
like, for example, recursion. We also want to use concepts from 
categorical FRP semantics in the interface design and possibly the 
implementation of FRP systems. 

A. Comparison of EL and LTL 

LTL [ l j is a classical logic that uses a discrete time scale. Its fun- 
damental temporal operators are "next" (O), "always" (□), "eventu- 
ally" (O), and strong "until" (>). EL is an intuitionistic and causal 
version of LTL without the requirement of a discrete time scale. 
An immediate consequence of the latter is that we do not have an 
operator O. The operators □ and O are not fundamental in EL, be- 
cause they can be derived, as shown in |Subsection 2,1| It remains 
to discuss how and why EL and LTL differ in their treatment of the 
"until" operators. 

LTL does not explicitly require a weak "until" operator to exist. 
This is because the ►-operator can be derived from other operators. 
One possible way of doing this is the following: 

(p ». if, = -,(-,,/, > -,((p v i/O) (39) 

This definition is not possible in EL for three different reasons: 

It does not work in an intuitionistic logic. This can already be 
seen by looking at the categorical semantics from |Subsection 2. Tj 
In this semantics, the isomorphism 

/►gsK(g->0)>((/ + g)->0))->0 

would have to hold, which is not the case in general. 

It is not compatible with causality. Say there is a time t at which 
tp ► if/ and -tif/ hold for some formulas tp and if/. If tp ► if/ would be 
equivalent to ->(->if/ > -t(ip V if/)), then (-tif/ > ->{ip V if/)) — » _L 
would hold at r. A proof of this would include a proof of 
(-■i^ V -t(tp V if/)) — > X, referring to the knowledge we have 
at t. However such a proof does not exist, as -tif/ and therefore 
-.<// V -t(tp V if/) holds at t. 



7 This is remarkable, since the semantics are essentially based on truth values. 



It does not work with every time domain. Let us assume, for ex- 
ample, that our time domain is (T, <) with T = {0}U jrr 1 | n e n} 
and ^ being the ordinary order of the reals restricted to T. Let us 
pretend that our logic is classical and does not take causality into 
account. Say there are propositions tp and if/ such that tp A -h// 
holds at time 0, and -up A if/ holds at every other time. Then the 
formula -i(-n// > ->{tp V if/)) is true at time 0, but tp ► i// is not true 
at time 0, because there is no least time at which -up A if/. 

Another way of defining ► in LTL is as follows]^] 

ip + i// = <p>ifivnip (40) 

This definition requires □ to be fundamental, but □ is not funda- 
mental in EL. What is more, this definition is incompatible with 
causality: a proof of <p > if/ V Dtp tells us immediately whether we 
have termination or not, while a proof of tp ► if/ does not tell us about 
termination in advance. 

Another difference between EL and LTL is that the fundamental 
"until" operators of EL are the future-only operators ►" and >", 
while the fundamental "until" operator of LTL is > (from which ► 
can be derived, as we have seen). We have shown in |Subsection 2.1| 
that ► and > can be defined in terms of ►" and >". In LTL, it is also 
possible to define and >" in terms of ► and > as follows: 

<p>" <fi = 0(<p>iff) tp>"tf/ = 0((p>ifr) (41) 

We do not have this option in EL, because we do not have O, which 
is why we start with and >". 

Acknowledgments 

I thank Tarmo Uustalu for all the helpful discussions about the topics 
of this paper. Thanks go also to the anonymous reviewers, whose 
remarks were very helpful for improving the paper. I furthermore 
thank Mike Shulman and Todd Trimble for answering questions 
about category theory. 

This work was supported by the ERDF through the Estonian 
Center of Excellence in Computer Science (EXCS). 

References 

[1] E. A. Emerson. Temporal and modal logic. In J. van Leeuwen, 
editor, Formal Models and Semantics, volume B of Handbook of 
Theoretical Computer Science, pages 995-1072. MIT Press, Cambridge, 
Massachusetts, Jan. 1994. ISBN 978-0262720151. 

[2] G. Hager and J. Peterson. FROB: A transformational approach 
to the design of robot software. In J. M. Hollerbach and D. E. 
Koditschek, editors, Robotics Research: The Ninth International Sym- 
posium, pages 257-264. Springer, London, England, May 2000. ISBN 
978-1852332921. 

[3] P. Hudak, A. Courtney, H. Nilsson, and J. Peterson. Arrows, robots, 
and functional reactive programming. In J. Jeuring and S. Pey- 
ton Jones, editors, Advanced Functional Programming, volume 2638 
of Lecture Notes in Computer Science, pages 159-187. Springer, 
Berlin/Heidelberg, Germany, 2003. ISBN 978-3-540-40132-2. doi: 
10.1007/978-3-540-44833-4_6. 

[4] A. Jeffrey. LTL types FRP: Linear-time temporal logic propositions 
as types, proofs as functional reactive programs. In Proceedings 
of the Sixth Workshop on Programming Languages Meets Program 
Verification (PLPV '12), pages 49-60, New York, 2012. ACM. ISBN 
978-1-4503-1125-0. doi: 10.1145/2103776.2103783. 

[5] W. Jeltsch. Programming in linear temporal logic. Slides of a talk given 
at the Computer Science Theory Seminar of the TTU Kuberneetika 
Instituut, Feb. 2011. URL |http : //cs ■ ioc . ee/~ta rmo/tseml8/ 
| jeltsch.html| 



8 This approach is closely related to the definition of the functor in the 
categorical semantics from |Section 2| as shown in |2j. 



[6] W. Jeltsch. The Curry-Howard correspondence between temporal 
logic and functional reactive programming. Slides of a talk given 
at the Estonian Computer Science Theory Days at Nelijarve, Feb. 
2011. URL http://www.cs.ut.ee/~varmo/tday-nelijarve/ 
ettekanded . html 

[7] W. Jeltsch. Towards a common categorical semantics for linear-time 
temporal logic and functional reactive programming. Electronic Notes 
in Theoretical Computer Science, 286:229-242, Sept. 2012. ISSN 
1571-0661. doi: 10.1016/j.entcs.2012.08.015. 

[8] N. R. Krishnaswami and N. Benton. Ultrametric semantics of reactive 
programs. In Proceedings of the 26th Annual IEEE Symposium on Logic 
in Computer Science (LICS 'II), pages 257-266, New York, June 201 1. 
IEEE. ISBN 978-1-4577-0451-2. doi: 10.1109/LICS.2011.38. 

[9] J. Lambek and R J. Scott. Introduction to Higher-Order Categorical 
Logic. Number 7 in Cambridge Studies in Advanced Mathematics. 
Cambridge University Press, Cambridge, England, July 1988. ISBN 
978-0521356534. 

[10] P. Maier. Intuitionistic LTL and a new characterization 
of safety and liveness. Technical Report MPI-I-2004-2-002, 
Max Planck Institut fiir Informatik, Saarbriicken, Germany, 
Aug. 2004. URL http://domino.mpi-inf.mpg.de/internet/ 
reports . nsf /NumberView/2084- 2 - 002 

[11] K. L. McMillan. Circular compositional reasoning about liveness. 
In L. Pierre and T. Kropf, editors, Correct Hardware Design and 
Verification Methods, volume 1703 of Lecture Notes in Computer 
Science, pages 342-346. Springer, London, England, 1999. ISBN 
978-3-540-66559-5. doi: 10.1007/3-540-48153-2_30. 

[12] K. S. Namjoshi and R. J. Trefler. On the completeness of compositional 
reasoning methods. ACM Transactions on Computational Logic, 1 1 
(3):16:1-16:22, May 2010. ISSN 1529-3785. doi: 10.1145/1740582. 
1740584. 

[13] J. Peterson and G. Hager. Monadic robotics. In Proceedings of the 2nd 
Conference on Domain-Specific Languages (DSL '99), pages 95-108, 
New York, 1999. ACM. ISBN 1-58113-255-7. doi: 10.1145/331960. 
331976. 

[14] J. Peterson, P. Hudak, and C. Elliott. Lambda in motion: Controlling 
robots with Haskell. In G. Gupta, editor, Practical Aspects of Declara- 
tive Languages, volume 1551 of Lecture Notes in Computer Science, 
pages 91-105. Springer, Berlin/Heidelberg, Germany, 1998. ISBN 
978-3-540-65527-5. doi: 10.1007/3-540-49201- 1_7. 

[15] J. Peterson, G. Hager, and P. Hudak. A language for declarative 
robotic programming. In Proceedings of the 1999 IEEE International 
Conference on Robotics and Automation (ICRA '99), pages 1144- 
1151, New York, June 1999. IEEE. ISBN 0-7803-5180-0. doi: 
10.11 09/ROBOT. 1 999.7725 1 6. 



